For my Computer Security and my Data
Management students. Organizations rarely know what information has
been accessed or downloaded immediately following the breach.
Equifax hack exposed more information than we thought, documents show
The credit-reporting company announced in
September that the personal information of 145.5 million consumers
had been compromised in a data breach. It originally said that the
information accessed included names, Social Security numbers, birth
dates, addresses and — in some cases — driver's license numbers
and credit card numbers. It also said the personal information from
thousands of dispute documents was accessed.
However, Atlanta-based Equifax Inc. recently
disclosed in a document submitted to the Senate Banking Committee,
which was shared with Associated Press, that a forensic investigation
found criminals accessed other information from company records.
That included tax identification numbers, email addresses and phone
numbers. Details, such as the expiration dates for credit cards or
issuing states for driver's licenses, were also included in the list.
… Equifax waited months to disclose the hack.
After it did, anxious consumers experienced jammed phone lines and
uninformed company representatives. An Equifax website set up to
help people determine their exposure was described as sketchy by
security experts and provided inconsistent and unhelpful information
to many. The company blamed the online customer help page's problems
on a vendor's software code after it appeared that it had been hacked
as well.
I suspect US numbers would be similar.
The Canadian Press reports:
A new study suggests nearly 90 per cent of Canadian organizations suffered at least one security breach last year and sensitive data was exposed almost half of the time.
The survey found that one in five breaches was classified as “high impact” because sensitive customer or employee information was exposed.
Read more on Canadian Business.
Not sure I agree with the ECHR. I think Spain got
it right.
DAC Beachcroft writes:
The use of hidden cameras did violate the right to privacy of employees who were dismissed for theft, according to the European Court of Human Rights.
The facts
A Spanish supermarket, MSA, identified discrepancies between stock levels and what was supposedly being sold in store. The monthly losses ranged from around €7,500 to €24,000. As part of an investigation, it installed surveillance cameras. Some of these cameras, aimed at detecting customer theft, were pointed towards the entrances and exits of the supermarket, and were visible. Other cameras, which zoomed in on the checkout counters and covered the area behind the cash desk, were hidden. These were aimed at detecting thefts by employees. MSA gave its workers prior notice of the installation of the visible cameras. Neither the workers nor the company’s staff committee were informed of the hidden cameras.
Read more on Lexology.
Similar to a case the US Supreme Court will decide
soon.
Newfoundland Provincial Court refuses to issue production order for data stored in the U.S., expressly disagreeing with recent BCCA decision on point
Judge Wayne Gorman of the Newfoundland Provincial Court recently issued a decision on the extraterritorial reach of production orders seeking stored data. In the Matter of an application to obtain a Production Order pursuant to section 487.014 of the Criminal Code of Canada involved an investigation by the Royal Newfoundland Constabulary into an alleged case of cyber-extortion, in which nude pictures of a child were sent from somewhere in Newfoundland, via Facebook, and threats made to release the pictures publicly if money was not paid. The police applied for a production order compelling a company located in the United States (not Facebook, it would appear) to produce data, despite the fact that the company has no physical presence in Canada.
Read more on Canadian Technology Law Association.
Free Money! Trust me!
'Nigerian Prince' Financial Scam Roars Back To Life In The Bitcoin Cryptocurrency Age
If you're a well-seasoned internet user, surely you
have seen scams over the years that revolved around a Nigerian prince
who needs your help to move money out of the country. We all know
that it is a scam, yet for a long time, people have fallen for it.
That Nigerian Prince scam is now back and has a new twist while
spreading via Twitter.
The scam sees nefarious users making Twitter
handles that are very close to legitimate and well-known Twitter
users. The scammer then responds to one of the real poster's tweets
to give the appearance that they started the thread. The scammer
then puts up a tweet offering to provide a Bitcoin "reward" to
anyone who sends a smaller amount of cryptocurrency to a specific
wallet.
Shockingly, people are falling for the scam, and
then the scammer is reaping all the Bitcoin sent to the wallet
without paying anything out. One of the scams impersonated Elon
Musk and with his oddball persona it might be easy for some to
see Musk giving away Bitcoin.
… "It's like a social media impersonation
mixed with a classic Nigerian prince scam," says Crane Hassold,
a threat intelligence manager at the security firm PhishLabs.
"Twitter will likely start blocking the accounts making the
posts, but the level of effort needed for this scam is so low that
it'll probably be a cat and mouse game, and the return on investment
at the beginning will be pretty good for the actor."
Will this be as much fun if it’s legal?
EFF Files For DMCA Exemption To Jailbreak Amazon Echo, Google Home, Apple HomePod
The jailbreaking community is alive and well, and people
frequently install
"unauthorized" software on their smartphones and tablets
once they’ve cracked the bootloader. This practice is often
frowned upon by device OEMs (especially Apple), but it is legal to do
so under an exemption in Section 1201 of the Digital Millennium
Copyright Act (DMCA).
The Electronic Frontier Foundation (EFF), however,
wants to extend the exemption to include another hot segment in the
consumer electronics market: smart AI speakers. That would mean
that owners of devices like the Amazon Echo, Google Home, and Apple
HomePod would be free to hack into these devices to see what
makes them tick without fear of retribution.
It’s a slapdown for management, but no
managers were harmed?
Wells Fargo's Hard Slap From the Fed Is Going to Hurt
Wells Fargo was stunned by a blow dealt by the Federal
Reserve at the beginning of February. In an unprecedented move, the
Fed has prohibited the bank from growing its assets from the level
they reached at the end of 2017, among other penalties.
… Wells Fargo's reputation has been in the doghouse since
late 2016, when it was discovered that the bank opened millions
of new accounts for existing customers. That wouldn't be a problem,
except those clients apparently neither requested nor authorized
them. Before long, it came to light that this "fake accounts
scandal" was more widespread than first reported. All told, the
bank admitted that around 3.5 million bogus accounts were created.
Wells Fargo soon dropped the ball again, and more
than once. It was also accused of malfeasance with auto insurance
products and, worse, mortgages – a crucial segment for the company.
Interesting idea. I’ll have to think about this
one.
The End of Scale
For more than a century, economies of scale made
the corporation an ideal engine of business. But now, a flurry of
important new technologies, accelerated by artificial intelligence
(AI), is turning economies of scale inside out. Business in the
century ahead will be driven by economies of unscale, in
which the traditional competitive advantages of size are turned on
their head.
Economies of unscale are enabled by two complementary market
forces: the emergence of platforms and technologies that can be
rented as needed.
These developments have eroded the powerful inverse relationship
between fixed costs and output that defined economies of scale. Now,
small, unscaled companies can pursue niche markets and successfully
challenge large companies that are weighed down by decades of
investment in scale — in mass production, distribution, and
marketing.
Something I’ll point my students to when they
complain that I take points off for poor writing.
Oxford comma dispute is settled as Maine drivers get $5 million
Ending a case that electrified punctuation
pedants, grammar goons and comma connoisseurs, Oakhurst Dairy settled
an overtime dispute with its drivers that hinged entirely on the
lack of an Oxford comma in state law.
The dairy company in Portland, Maine, agreed to
pay $5 million to the drivers, according to court documents filed
Thursday.
The relatively small-scale dispute gained
international notoriety last year when the U.S. Court of Appeals for
the 1st Circuit ruled that the missing comma created enough
uncertainty to side with the drivers, granting those who love the
Oxford comma a chance to run a victory lap across the internet.
… The case began in 2014, when three truck
drivers sued the dairy for what they said was four years’ worth of
overtime pay they had been denied. Maine law requires
time-and-a-half pay for each hour worked after 40 hours, but it
carved out exemptions for:
The canning, processing, preserving, freezing, drying, marketing, storing, packing for shipment or distribution of:
(1) Agricultural produce.
(2) Meat and fish products.
(3) Perishable foods.
What followed the last comma in the first sentence
was the crux of the matter: “packing for shipment or distribution
of.” The court ruled that it was not clear whether the law
exempted the distribution of the three categories that followed, or
if it exempted “packing for” the shipment or
distribution of them.
… Since then, the Maine Legislature addressed
the punctuation problem. Here’s how it reads now:
The canning; processing; preserving; freezing; drying; marketing; storing; packing for shipment; or distributing of:
(1) Agricultural produce.
(2) Meat and fish products.
(3) Perishable foods.
So now we get to replace Oxford comma pedantry
with semicolon pedantry.
These tools might help create an interesting
project. Write about a Computer Security breach, pointing out all
the obfuscation, blame shifting, lack of planning, etc.
Newspaper Templates for Google Docs & Word
This morning I answered an email from a reader who
was looking for suggestions on tools that his students can use to
collaboratively create a newspaper. My first suggestion was to try
LucidPress. My
second thought was to try using some Google Docs templates.
I didn't have any Google Docs templates of my own
so I did a quick Google search for "newspaper templates Google
Docs" and I found this
collection put together by students at Westlake Girls High School
in Auckland, New Zealand. There are ten newspaper templates in the
collection. You can make your own copy of the templates by opening
them and then selecting, "file" and "make a copy"
in Google Docs.
If you're a Microsoft Word user, you can try
these templates to create newsletters and newspapers. Word Online
is free and supports collaborative writing too.
The person who emailed me this morning was going
to use the newspaper templates in a history class to have students
write articles as news reports about historical events.